funsec mailing list archives
HDM on the (not so) recent MS Visual Studio 2003 'sploit
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Thu, 2 Nov 2006 23:32:21 -0500
from: http://dudevanwinkle.blogspot.com/

----------------------------------
The MS06-014 bug was just one instance of a pretty common vulnerability in ActiveX Objects. Some objects expose a method that allows new objects to be created through them. If any of these objects are marked as safe for scripting, it's possible to create arbitrary COM instances through a 'safe' object (leading to pwnage).

I went to write the MS06-014 exploit and realized I had a bunch of other ways to exploit the same type of flaw. I added the WMI bug to the list and then followed it by a set of usually-restricted COMs that have the same feature. If the system is misconfigured or is using an old version of Office, almost any of those 'targets' in the exploit can be used to run arbitrary code :-)
------------------------------------

-JP<'nother shameless plug>

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
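An added example, not part of the original post or of the exploit it describes: a PowerShell inventory of the COM classes a host registers as "safe for scripting", showing which of them have the Internet Explorer kill bit set. The function name Get-SafeForScriptingControl is hypothetical; the category GUIDs and the "Compatibility Flags" kill-bit value are the standard Windows ones.

```powershell
# Added example (defensive audit). Lists COM classes registered in the
# "safe for scripting" component category and whether the IE kill bit is set.
# Limitation: a control can also assert safety at run time through
# IObjectSafety, which a registry check like this one does not see.
# It reads the registry view of the running process (32-bit or 64-bit).

$SafeForScripting = '{7DD95801-9882-11CF-9FA8-00AA006C4A7B}'  # CATID_SafeForScripting
$SafeForInit      = '{7DD95802-9882-11CF-9FA8-00AA006C4A7B}'  # CATID_SafeForInitializing
$KillBit          = 0x400   # bit in "Compatibility Flags" that blocks the control in IE
$CompatPath       = 'SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-SafeForScriptingControl {
    $clsidRoot = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey('CLSID')
    foreach ($clsid in $clsidRoot.GetSubKeyNames()) {
        $key = $clsidRoot.OpenSubKey($clsid)
        if ($null -eq $key) { continue }   # unreadable key, skip it

        # Only classes that register the safe-for-scripting category are of interest.
        $scripting = $key.OpenSubKey("Implemented Categories\$SafeForScripting")
        if ($null -eq $scripting) { $key.Close(); continue }
        $init = $key.OpenSubKey("Implemented Categories\$SafeForInit")

        # Kill bit lives under HKLM, keyed by the same CLSID.
        $flags  = 0
        $compat = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$CompatPath\$clsid")
        if ($compat) { $flags = [int]$compat.GetValue('Compatibility Flags', 0); $compat.Close() }

        # Binary that implements the class, for patch and version checks.
        $srv    = $key.OpenSubKey('InprocServer32')
        $server = if ($srv) { $srv.GetValue('') } else { $null }

        [pscustomobject]@{
            CLSID           = $clsid
            Name            = $key.GetValue('')
            Server          = $server
            SafeForInit     = [bool]$init
            KillBitSet      = [bool]($flags -band $KillBit)
        }
        foreach ($k in $scripting, $init, $srv, $key) { if ($k) { $k.Close() } }
    }
    $clsidRoot.Close()
}

# Controls still loadable from script in IE: review each, patch or kill-bit as needed.
Get-SafeForScriptingControl |
    Where-Object { -not $_.KillBitSet } |
    Sort-Object Name |
    Format-Table -AutoSize
```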